Latest news of the domain name industry

Recent Posts

Zero registrars pass ICANN audit

Some of the biggest names in the registrar game were among a bewildering 100% that failed an ICANN first-pass audit in the latest round of random compliance checks.

Of the 55 registrars picked to participate in the audit, a resounding 0 passed the initial audit, according to data released today.

Among them were recognizable names including Tucows, Register.com, 1&1, Google and Xin Net.

ICANN found 86% of the registrars had three or more “deficiencies” in their compliance with the 2013 Registrar Accreditation Agreement.

By far the most problematic area was compliance with sections 3.7.7.1 to 3.7.7.12 of the RAA, which specifies what terms registrars must put in their registration agreements and how they verify the contact details of their customers.

A full three quarters of audited registrars failed on that count, according to ICANN’s report (pdf).

More than half of tested registrars failed to live up to their commitments to respond to reports of abuse, where they’re obliged among other things to have a 24/7 contact number available.

There was one breach notice to a registrar as a result of the audit, but none of the failures were serious enough for ICANN to terminate the deficient registrar’s contract. Two registrars self-terminated during the process.

ICANN’s audit program is ongoing and operates in rounds.

In the current round, registrars were selected from those which either hadn’t had an audit in a couple of years, were found lacking in previous rounds, or had veered dangerously close to formal breach notices.

The round kicked off last September with requests for documents. The initial audit, which all registrars failed, was followed by a remediation phase from January to May.

Over the remediation phase, only one third of the registrars successfully resolved all the issues highlight by the audit. The remainder issued remediation plans and will be followed up on in future rounds.

The 0% pass rate is not unprecedented. It’s the same as the immediately prior audit (pdf), which ran from May to October 2016.

Black Ice suspended by ICANN

Kevin Murphy, December 8, 2014, Domain Registrars

A small Israeli registrar has had its registrar accreditation suspended by ICANN.

Black Ice domains, which has a few thousand .com and .net domains under management, failed to comply with an ICANN audit and was overdue on its fees by over $5,000, according to the ICANN notice (pdf).

It won’t be allowed to sell gTLD domains or accept inbound transfers from December 19 to March 18, and may be terminated if it fails to come back into compliance.

The registrar is the fourth to have its accreditation suspended by ICANN in 2014. The organization has terminated a further seven registrars, down on the 11 terminated in the whole of 2013.

Almost half of registrars “deficient” in compliance audit

Almost half of accredited domain name registrars were found “deficient” during a recent ICANN compliance survey.

Results of an audit published today show that 146 of 322 registrars (45%) picked at random for the September 2013 to May 2014 study had to carry out some form of remediation in order to comply with their contracts.

The report comes at the end of the second year of ICANN’s audit program, which aims to bring all accredited registrars and gTLD registries into compliance over three years.

The deficiencies noted at 146 registrars cover areas ranging from compliance with ICANN consensus policies to the availability of Whois services over the web and port 43.

In almost every instance the numbers were down on last year.

For example, ICANN documented 86 registrars who could not initially show compliance with requirements on the retention of registrant data, down from 105 a year ago.

Only 15 registrars of the 322 (4.6%) flunked the audit and will be re-tested. The others were all able to bring their systems into line with ICANN’s requirements during the course of the audit.

Three registrars were terminated as a result of deficiencies identified during this phase of the program.

The full report, along with the list of participating registrars, can be found here.

In major snub, Verisign refuses to let ICANN audit .net

Kevin Murphy, January 11, 2013, Domain Registries

Verisign has delivered a significant blow to ICANN’s authority by refusing to take part in its contractual compliance audit program.

The snub runs a risk of scuppering ICANN’s plans to make compliance a cornerstone of its new management’s strategy.

In a letter to ICANN’s compliance department this week, Verisign senior vice president Pat Kane said that the company has no obligation to submit to an audit of .net under its ICANN contract.

Kane wrote:

Verisign has no contractual obligations under its .net Registry Agreement with ICANN to comply with the proposed audit. Absent such express contractual obligations, Verisign will not submit itself to an audit by or at the direction of ICANN of its books and records.

The company is basically refusing to take part in ICANN’s Contractual Compliance Audit Program, a proactive three-year plan to make sure all gTLD registries and accredited registrars are sticking to their contracts.

For registries, the plan calls for ICANN to look at things like compliance with Whois, zone file access, data escrow, monthly reporting, and other policies outlined in the registry agreements.

Verisign isn’t necessarily admitting that it thinks it would not pass the .net audit, but it is sending a strong signal that it believes ICANN’s authority over it has limits.

In the program’s FAQ, ICANN admits that it does not have explicit audit rights over all contracted parties, stating:

What’s the basis for including all contracted parties, when the ‘Right to Audit’ clause isn’t present in 2001 RAA and Registry Agreements?

One of ICANN’s responsibilities is to conduct audits of its agreements in order to ensure that all contracted parties are in compliance with those agreements.

If Verisign is refusing to participate, other registries may decide they don’t want to cooperate either. That wouldn’t look good for ICANN, which has made compliance a key strategic priority.

When Fadi Chehade started as CEO last September, one of his first moves was to promote compliance boss Maguy Serad to vice president, reporting directly to him.

He told DI that he would be “bringing a lot more weight and a lot more independent management from my office to the compliance function”.

At his inaugural address to the community in Prague last June, he spoke of how he planned to bring IBM-style contract management prowess to ICANN.

Compliance is also a frequently raised concern of the Governmental Advisory Committee (though generally geared toward rogue registrars rather than registries).